DETAILED ACTION 

1. This action is in response to remarks and amendments filed on January 14, 
2005. Applicant has amended Claims 1, 7, 11 and 12. Claims 13-20 were cancelled 
and Claims 21 - 26 were added. Therefore, the presently pending claims are 1 - 12 and 
21 - 26. 

2. An examiner-initiated telephone discussion on April 04, 2005 with Mark L. Mollon 
resulted in amending Claim 24 to depend on Claim 7 and Claims 25 and 26 to depend 
on Claim 24. 



Response to Arguments 

3. Applicant's arguments filed on January 14, 2005, have been fully considered but 
they are not persuasive for the following reasons: 

Claim Rejections - 35 USC §112 

The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

4. Claims 1-12 and 21 - 26 are rejected under 35 U.S.C. 112, first paragraph, as 
failing to comply with the written description requirement. The claim(s) contains subject 
matter which was not described in the specification in such a way as to reasonably 
convey to one skilled in the relevant art that the inventor(s), at the time the application 
was filed, had possession of the claimed invention. 

The amended independent and new Claims 1 and 7 recite, "... a directory server 
coupled with the authorization server, ...", and dependent Claims 11, 21 and 24 recite " 
... the directory server 

With respect to "a directory server", although the specification discloses a 
directory to store dynamic information such as session information and that the directory 
is coupled with the authorization server and the user profile databases via the 
communication network, the specification does not disclose a directory server where a 
directory is stored or a directory server coupled with the authorization server. 
Furthermore, the specification does not indicate how a directory server is used to 
authenticate or authorize the user data and the specification does not disclose how a 
directory server is used for creating a shopping cart or the directory server being 
operable for allowing the user to select items to be purchased, how the other computer 
applications access the object on the directory server. 

Applicant's remarks/arguments address "a directory on a directory server", "the 
directory server permits ...", and "the ability of additional applications access the object 
for the computer user on the directory server ...". Applicant's remarks/arguments do 
not provide any support or indicate where in the specification such disclosure is made. 

The dependent claims 2 - 6, 8 - 10, 12, 22, 23, 25 and 26 are rejected at least 
by virtue of their dependency on the dependent claims. 

5. Regarding currently amended independent Claims 1 and 7, Applicant argues that 
Alegre et al. (U.S. Patent Number 6,199,113, hereafter "Alegre") do not teach "an object 
associated with the Session ID is stored dynamically in a directory in a directory server 
coupled with the authorization server", "the directory server permits other computer 
applications launched by the computer user to reference the Session ID on the user's 
computer" and "the other applications access the object for the computer user on the 
directory server to authenticate or authorize the user for the other computer 
applications". These arguments are not found persuasive. 

Alegre discloses that an object associated with the Session ID (cookie with the 
session key) is stored dynamically in a directory in a directory server coupled with the 
authentication server (Alegre Column 5 line 8 - Column 6 line 22), wherein object 
(cookie) consists of a Session ID (session key) that is stored in the directory; 

the directory server permits other computer applications launched by the 
computer user to reference the Session ID on the user computer (Alegre Column 5 line 
48 - Column 6 line 49), and the other applications access the object for the computer 
user on the directory server to authenticate or authorize the user for the other computer 
applications (Column 6 lines 6 - 68), wherein the server determines the validity of the 
Session ID before permitting accessing the resources and the accessing requests that 
may include one or more requests for operations by resources (other applications) 
(Alegre Column 8 lines 16 - 27). 

6. Regarding independent Claims 4 and 10, Applicant argues that Alegre does not 
teach, "the Session ID is based on a date on which the computer user launched the 
computer application, a time in which the computer user launched the computer 
application, a TCP/IP address of the computer user, or a user name of the computer 
user". This argument is not found persuasive. 

Alegre discloses that the Session ID (Session key) is based on user 
authentication information such as user ID (UID) and password ID (PWD), expiration 
criteria (Column 3 lines 1-11, Column 5 lines 8-36 and Column 6 lines 24 - 68). 

7. Regarding claims 5, 6, 11 and 12, Applicant argues that Hartman fails to 
correct for the deficiencies in Alegre. Alegre discloses the limitations of Claims 1 and 7 
as discussed above and Hartman discloses a shopping cart and storing the shopping 
cart along with the object (e.g. unique identifier, Session key, UID, PWD, expiration 
criteria, etc.) and other user-specific information (Hartman Column 3 line 31 - Column 4 
lines 46). 

8. Regarding newly added Claims 21 - 26, Applicant argues that "dynamic 
directory services used by the other applications to access the object stored in the 
directory server" is neither suggested nor shown by any cited references. This 
argument is not found persuasive as Alegre discloses dynamic directory services used 
by the other applications to access the object stored in the directory server as discussed 
above. 

9. Therefore, the examiner respectfully asserts that the cited prior art does teach or 
suggest the amended subject matter "a directory in a directory server" broadly recited 
in the amended independent claims 1 and 7. The dependent claims 2 - 6, 8 - 12 and 21 
- 26 are rejected at least by virtue of their dependency on the dependent claims and for 
other reasons set forth in this office action. Accordingly, the rejection of the pending 
claims 1-12 and 21 - 26 is respectfully maintained. 



Claim Rejections - 35 USC § 102 



The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

10. Claims 1-4, 7-10, 21 and 24 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Alegre et al. (U.S. Patent Number 6,199,113). 

11. Regarding Claim 1, Alegre teaches and describes a method for dynamically 
tracking a user session in order to authenticate and authorize a computer user (Fig 2 - 
13; Summary and Column 4 line 8 - Column 8 line 44), the method comprising the 
steps of: 

storing security information for a plurality of computer users in a user profile 
database (Column 4 lines 8 - 36); 

receiving at an authorization server coupled with the user profile database 
log-in information from the computer user who has launched a computer application 
(Column 4 lines 8 - 40); 

in response to step b, creating a Session ID for the computer user with the 
authorization server (Column 4 lines 8-40 and Column 6 lines 24 - 42); 

storing at least a portion of the Session ID on the user's computer (Column 4 
lines 8 -42); 

also in response to step b, creating an object associated with the computer user 
or the Session ID (Column 4 lines 8-42 and Column 5 lines 8 - 20); 

storing the object dynamically in a directory stored in a directory server coupled 
with the authorization server (Column 5 line 48 - Column 6 line 49); 

copying at least some of the security information relating to the computer user 
from the user profile database to the object in the directory (Column 6 lines 24 - 67); 

comparing the log-in information entered by the computer user to the security 
information for the computer user and allowing the computer user access to the 
launched computer application if the user is an authenticated or authorized user of the 
computer application (Column 6 lines 24 - 49); and 

permitting other computer applications launched by the computer user to 
reference the Session ID on the user's computer (Column 6 lines 6 - 68); and 

the other computer applications accessing the object for the computer user on 
the directory server to authenticate or authorize the user for the other computer 
applications (Column 5 line 48 - Column 6 line 49). 

12. Regarding Claim 7, Alegre teaches and describes a method for dynamically 
tracking a user session in order to authenticate and authorize a computer user (Fig 2 - 
13; Summary and Column 4 line 8 - Column 8 line 44), the system comprising: 

a user profile database for storing security information for a plurality of computer 
users (Column 4 lines 8 - 36); 

an authorization server coupled with the user profile database for receiving log-in 
information from a computer user who has launched a computer application, for creating 
a Session ID for the computer user, for storing at least a portion of the Session ID on 
the user's computer and for creating an object associated with the computer user or the 
Session ID (Column 4 lines 8 - 42; Column 5 lines 8-20 and Column 6 lines 24 - 42); 
and 

a directory stored in a directory server coupled with the authorization server for 
dynamically storing the object created by the authorization server (Column 6 lines 24 - 
34), 

the authorization server being further operable for copying at least some of the 
security information relating to the computer user from the user profile database to the 
object in the directory, comparing log-in information entered by the computer user to the 
security information for the computer user and allowing the computer user access to the 
launched computer application if the user is an authenticated or authorized user of the 
computer application (Column 5 line 48 - Column 6 line 49), 

the directory server permitting other computer applications launched by the 
computer user to reference the Session ID on the user's computer so that the other 
computer applications may access the object for the computer user on the directory 
server to authenticate or authorize the user for the other computer applications without 
requiring the user to re-enter the log-in information (Column 6 lines 6 - 67). 

13. Claims 2 and 8 are rejected as applied above in rejecting claims 1 and 7. 
Furthermore, Alegre teaches and describes a method for dynamically tracking a user 
session in order to authenticate and authorize a computer user (Fig 2-13; Summary 
and Column 4 line 8 - Column 8 line 44), the security information including 
authentication and authorization information (Column 4 lines 48 - 67 and Column 7 
lines 55 - Column 8 line 20). 

14. Claims 4 and 10 are rejected as applied above in rejecting claims 1 and 7. 
Furthermore, Alegre teaches and describes a method for dynamically tracking a user 
session in order to authenticate and authorize a computer user (Fig 2-13; Summary 
and Column 4 line 8 - Column 8 line 44), the Session ID being based on at least one of 
the following: a date on which the computer user launched the computer application; a 
time in which the computer user launched the computer application; a TCP/IP address 
of the computer user; and a user name of the computer user (Column 3 lines 1-11, 
Column 5 lines 8-36 and Column 6 lines 24 - 68). 

15. Claims 3 and 9 are rejected as applied above in rejecting claims 2 and 8. 
Furthermore, Alegre teaches and describes a method for dynamically tracking a user 
session in order to authenticate and authorize a computer user (Fig 2-13; Summary 
and Column 4 line 8 - Column 8 line 44), the authentication and authorization 
information including at least one of the following: user names, user IDs, passwords, 
public-key data, certificates, and access control information (Column 5 line 8 - Column 
6 line 65). 

16. Claims 21 and 24 are rejected as applied above in rejecting claims 1 and 7. 
Furthermore, Alegre teaches and describes a method for dynamically tracking a user 
session in order to authenticate and authorize a computer user (Fig 2-13; Summary 
and Column 4 line 8 - Column 8 line 44), wherein the other computer applications 
access the object on the directory server using a dynamic directory service (Column 5 
line 48 - Column 6 line 49). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

17. Claims 5, 6, 11 and 12 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Alegre et al. (U.S. Patent Number 6,199,113, hereinafter "Alegre") in 
view of Hartman et al. (U.S. Patent Number 5,960,411, hereinafter "Hartman"). 

18. Claims 5 and 11 are rejected as applied above in rejecting claims 1 and 7. 
Furthermore, Alegre teaches and describes a method for dynamically tracking a user 
session in order to authenticate and authorize a computer user (Fig 2-13; Summary 
and Column 4 line 8 - Column 8 line 44), further including the steps of creating a 
shopping cart and storing the shopping cart along with the object in the directory (Alegre 
Column 8 lines 28 - 44). Alegre does not explicitly disclose that the method for 
dynamically tracking a user session includes the steps of creating a shopping cart and 
storing the shopping cart along with the object in the directory. However, Hartman 
discloses a method for creating a shopping cart and storing the shopping cart along with 
a unique client identifier (cookie), purchaser-specific information (Hartman Column 3 
line 31 - Column 6 line 21). Therefore it would have been obvious to one having 
ordinary skill in the art at the time the invention was made to modify Hartman's shopping 
cart system into the dynamically tracking user session system of Alegre. 

Alegre could have been modified by Hartman to arrive at the claimed invention by 
having the shopping cart with user purchase information saved on the directory as 
taught by Hartman (See Hartman Column 3 line 31 - Column 8 line 25) and as 
suggested by Alegre (See Alegre Column 7 line 3 - Column 8 line 53). One of ordinary 
skill in the art would have been motivated to modify Alegre by Hartman as discussed 
above because in shopping cart systems user profiles are stored in a directory as 
taught by Hartman and employing the shopping cart within Alegre would provide an 
efficient and secure method for dynamically tracking a user session. 

19. Claims 6 and 12 are rejected as applied above in rejecting claims 5 and 11. 
Furthermore, Alegre teaches and describes a method for dynamically tracking a user 
session in order to authenticate and authorize a computer user (Fig 2-13; Summary 
and Column 4 line 8 - Column 8 line 44), further including the steps of allowing the user 
to select items to be purchased and storing information relating to the selected items in 
the shopping cart (Hartman Column 3 line 46 - Column 4 line 26; Column 5 line 27 - 
Column 6 line 21 and Column 7 line 57 - Column 8 line 25). 

20. Claims 22, 23, 25 and 26 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Alegre et al. (U.S. Patent Number 6,199,113, hereafter "Alegre") in 
view of Blanco et al. (U.S. Patent Number 6,539,482, hereafter "Blanco"). 

21. Claims 22 and 25 are rejected as applied above in rejecting claims 21 and 24. 
Furthermore, Alegre teaches and describes a method for dynamically tracking a user 
session in order to authenticate and authorize a computer user (Fig 2-13; Summary 
and Column 4 line 8 - Column 8 line 44), wherein the other computer applications 
access the object on the directory server using a dynamic directory service (Column 5 
line 48 - Column 6 line 49). Alegre does not explicitly disclose that the dynamic 
directory service comprises the lightweight directory access protocol (LDAP). However, 
Blanco discloses a network access authentication system that gathers the data 
concerning the users, including authentication data, in a database of a directory, which 
uses Lightweight Directory Access Protocol, which is specifically targeted at 
management applications and browsing applications that provide interactive access to 
directories (Blanco Column 3 lines 22 - 67). 

22. Motivation to combine Blanco with Alegre comes from the need to provide 
authentication and authorization of a user available to an authorization server coupled 
with a directory server that stores the authentication (user) data. Alegre provides a 
discussion of the need for security and authorization information for all the resources 
that a user can access but is silent as to the specific details of the LDAP, see Alegre 
Column 1 line 51 - Column 2 line 35 (especially Column 2 lines 24 - 35). It would have 
been obvious to one of ordinary skill in the art to combine Alegre with Blanco because 
LDAP provides the authentication data stored in the directory available to all the 
applications that are associated with a directory server and provides interactive access 
to directories. 

23. Claims 23 and 26 are rejected as applied above in rejecting claims 21 and 24. 
Furthermore, Alegre teaches and describes a method for dynamically tracking a user 
session in order to authenticate and authorize a computer user (Fig 2-13; Summary 
and Column 4 line 8 - Column 8 line 44), wherein the other computer applications 
access the object on the directory server using a dynamic directory service (Column 5 
line 48 - Column 6 line 49). Alegre does not explicitly disclose that the dynamic 
directory service comprises the X.500 access protocol. However, Blanco discloses a 
network access authentication system that gathers the data concerning the users, 
including authentication data, in a database of a directory, which uses Lightweight 
Directory Access Protocol that supports X.500 access protocol (Blanco Column 3 lines 
22 - 67). 

24. Motivation to combine Blanco with Alegre comes from the need to provide 
authentication and authorization of a user available to an authorization server coupled 
with a directory server that stores the authentication (user) data. Alegre provides a 
discussion of the need for security and authorization information for all the resources 
that a user can access but is silent as to the specific details of the LDAP, see Alegre 
Column 1 line 51 - Column 2 line 35 (especially Column 2 lines 24 - 35). It would have 
been obvious to one of ordinary skill in the art to combine Alegre with Blanco because 
LDAP which supports X.500 access protocol, provides the authentication data stored in 
the directory available to all the applications that are associated with a directory server 
and provides interactive access to directories. 



Conclusion 



25. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. See PTO Form 892. 

26. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Application/Control Number: 09/664,893 

Art Unit: 2136 

27. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Pramila Parthasarathy whose telephone number is 
571-272-3866. The examiner can normally be reached on 8:00 a.m. to 5:00 p.m. If attempts 
to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Ayaz 
Sheikh, can be reached on 571-232-3795. Any inquiry of a general nature or relating to 
the status of this application or proceeding should be directed to the receptionist whose 
telephone number is 703-305-3900. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for published 
applications may be obtained from either Private PAIR or Public PAIR only. For more 
information about the PAIR system, contact the Electronic Business Center (EBC) at 
866-217-9197 (toll-free). 

April 04, 2005. 



